Demand Based Encryption and Key Generation and Distribution Systems and Methods

ABSTRACT

Systems and methods providing a key management platform that generates and distributes demand-based encryption and decryption keys are described.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority under 35 U.S.C. §119(e) to co-pendingU.S. Provisional Patent Application Ser. No. 61/555,124, filed Nov. 3,2011, entitled DEMAND BASED ENCRYPTION AND KEY GENERATION ANDDISTRIBUTION, the content of which is hereby incorporated by referenceherein in its entirety for all purposes.

FIELD OF THE DISCLOSURE

The disclosure relates generally to systems and methods providing a keymanagement platform that generates and distributes demand-basedencryption and decryption keys.

BACKGROUND OF THE DISCLOSURE

Current encryption standards are predominantly implemented inserver-type resources in which data is sent to a central server andencrypted as a backend process. A decryption key is then sent to the enduser for local use. Such methods fail to address direct peer-to-peerenvironments such as communication between mobile devices, includingCDMA, UMTS, GSM, LTE and other formats as well as communications overWIFI, WI-MAX, variants of 802.11x, and emerging standards.

SUMMARY OF THE DISCLOSURE

In accordance with the present disclosure, a computer-implementedmethod, a system and a computer program product comprising a computerusable medium having a computer readable program code embodied thereinthat is adapted to be executed to implement a method for providingon-demand encryption and key generation and distribution are described.

Certain methods, systems and computer program products may generate arequest, identification information identifying a receiver system, andone or more use parameters associate with a data file; send the requestto a key management system, wherein the sending of the request isconfigured to cause the key management system to generate a privateencryption key and a public encryption key; send the identificationinformation to the key management system, wherein the sending of theidentification information is configured to cause the key managementsystem to send the public encryption key to the receiver system; sendthe use parameters to the key management system, wherein the sending ofthe use parameters is configured to cause the key management system togenerate the public encryption key based on the use parameters; generatepayment information; send the payment information to the key managementsystem, wherein the sending of the payment information is configured tocause the key management system to generate the private encryption keyand the public encryption key upon authentication of the paymentinformation; receive the private encryption key from the key managementsystem; modify the data file with the use parameters before the datafile is encrypted; encrypt the data file using the private encryptionkey; send the encrypted data file to the receiving system; send anaccess instruction to the receiving system, wherein the sending of theaccess instruction is configured to prohibit the receiving system fromaccessing the data file after a first number of access attempts by thereceiving system and after an elapsed time period from when theencrypted data file was sent to the receiving system; receive anotification relating to an attempt, by the receiving system, at takingan action in relation to the data file; generate, based on thenotification, an instruction configured to deny the action; and/or sendthe instruction to the receiving system, wherein the sending of theinstruction is configured to prevent the receiving system fromcompleting the action. A processing component may encrypt the data filebased on the use parameters. Use parameters may specify an expirationdate of the public encryption key.

Other methods, systems and computer program products may receive, from arequester system, a request to generate a private encryption key and apublic encryption key; receive, from the requester system,identification information identifying a receiver system; generate afirst private encryption key and a first public encryption key inresponse to receiving the request; send the first private encryption keyto the requester system; receive, from the requester system, useparameters; generate, based on the use parameters, the first publicencryption key; send the first public encryption key to the receiversystem; send an instruction specifying the use parameters to anapplication running on the receiving system, wherein the applicationcontrols access to an encrypted data file that was received from therequester system by the receiver system based on the instructionspecifying the use parameters; generate one or more passcodes associatedwith the first private encryption key and the first public encryptionkey; send at least one of the passcodes to the requester system; and/orsend at least one of the passcodes to the receiver system.

BRIEF DESCRIPTION OF THE DRAWINGS

The present application may be more fully appreciated in connection withthe following detailed description taken in conjunction with theaccompanying drawings:

FIG. 1 shows a block diagram depicting an on-demand encryption systemfor generating and distributing encryption information in response touser request.

FIG. 2 illustrates a process flow diagram detailing a process relatingto the on-demand encryption system of FIG. 1.

FIG. 3 illustrates a process flow diagram detailing a process relatingto the on-demand encryption system of FIG. 1.

DETAILED DESCRIPTION OF THE DISCLOSURE

Various aspects of the disclosure are described below. It should beapparent that the teachings herein may be embodied in a wide variety offorms and that any specific structure, function, or both, beingdisclosed herein is merely representative. Based on the teachings hereinone skilled in the art should appreciate that any aspect disclosed maybe implemented independently of any other aspects and that two or moreof these aspects may be combined in various ways. For example, a systemmay be implemented or a method may be practiced using any number of theaspects set forth herein.

This disclosure relates generally to one or more systems, methods, andcomputer program products for distributing encryption information.Generally, the disclosure may be implemented to provide services to auser to generate encryption keys to protect content and to communicatethe associated encryption keys to one or more appropriate users.Furthermore, the disclosed system may be used to incorporate othersecurity features, such as temporal, geographical, and usagerestrictions into the encrypted file. Each of these services may beprovided on-demand and in response to user selected inputs. Encryptionof any type of content is contemplated, including content stored in anyformat (e.g., PDG, JPEG, WORD, EXCEL, and others) and containing anytype of information (e.g., video, audio, text, and others).

Additional details are provided in the examples below.

Example Systems

Attention is first drawn to FIG. 1, which depicts certain aspects of thedisclosure relating to an on-demand encryption system 100 for generatingand distributing encryption information in response to user request. Thesystem 100 may be configured to include a communication platform 110, arequester platform 120, a receiver platform 130, and a key managementplatform 140. The term “platform” as used herein may refer to a singlecomponent, a grouping of remote components at multiple locations, or acentralized grouping of components at a single location. A platform mayinclude components that may be hosted by, or services that may beoffered by parties other than those directly associated with eachplatform. A platform may further include hardware, software, or othersolutions and other components configured to exchange and process dataand instructions using various protocols across various networkcommunication pathways. Certain aspects of each platform are describedin more detail below. It is to be understood that the description hereinis not intended to be limiting, and alternative embodiments arecontemplated as understood by one of skill in the art.

Communication Platform 110

The communication platform 110 may be configured to providecommunication links among the various other platforms. For example, thecommunication platform 110 may utilize any one or a combination of knowncommunication networks and connections to facilitate communication inthe system 100, including the Internet, private networks, local areanetworks, cellular or other over-the-air wireless carrier interfaces(e.g., CDMA, UMTS, GSM, LTE), Bluetooth, Wi-Fi, and other wired andwireless communication pathways. Any communication network may beutilized alone or in combination to provide connectivity for the system100.

Requester Platform 120

The requester platform 120 may include any suitable computing devicethat is configured to allow a user to interact with other platforms ofthe system 100. For example, the user device may be any of numerousgeneral purpose or special purpose computing system environments orconfigurations. Examples of well-known computing devices, systems,environments, and/or configurations thereof that may be suitable for usein accordance with particular embodiments of the disclosure include, butare not limited to, personal computers, hand-held or laptop devices,mobile phones, tablet and e-readers, and programmable consumerelectronics. The requester platform 120 may include various components,including a processor 121, a display 123, a database 124, a camera (notshown), an input/output interface (e.g., a touch screen, keyboard,mouse) (not shown), and memory 122 from which software may be executed.The requester platform 120 may also include various softwareapplications, including those that operate in conjunction with a webbrowser (e.g., through a LAN connection or radio link), and those thatoperate without web connectivity.

Receiver Platform 130

Similar to the requester platform 120, the receiver platform 130 mayinclude any suitable computing device that is configured to allow a userto interact with other platforms of the system 100. For example, theuser device may be any of numerous general purpose or special purposecomputing system environments or configurations. Examples of well-knowncomputing devices, systems, environments, and/or configurations thereofthat may be suitable for use in accordance with particular embodimentsof the disclosure include, but are not limited to, personal computers,hand-held or laptop devices, mobile phones, tablet and e-readers, andprogrammable consumer electronics. Moreover, the receiver platform 130may also include the various components (e.g., processor, display,database, input/output interfaces, memory, etc.) described in therequester platform 120, although not shown in the receiver platform 130of FIG. 1. The receiver platform 130 may also include various softwareapplications, including those that operate in conjunction with a webbrowser (e.g., through a LAN connection or radio link), and those thatoperate without web connectivity.

In one embodiment, the requester platform 120 and the receiver platform130 may each be implemented on a mobile phone device. An application,stored in the phone's memory, may be utilized by a user to chooseencryption and decryption methods (where additional applications mayperform the actual encryption and decryption), set or monitor expirationand usage parameters relating to encrypted or decrypted content, and tointeract with the key management platform 140. The application may befurther configured to provide other features of the system 100 asdescribed in more detail below. One skilled in the art will appreciatethat the requester and receiver platforms may be configured to operateon other similar devices such as computers, notebooks, PDAs, webbrowsers, and other peer to peer environments.

Key Management Platform 140

In general, the key management platform 140 may be configured to controlthe generation and distribution of encryption information for thesystem. Although not shown, the key management platform 140 may resideon the requester platform 120 (e.g., in a secure location of therequester platform 120). Specifically, the key management platform 140may generate encryption information, such as private and public keys, inresponse to user requests (e.g., from the requester platform 120).Moreover, the key management platform 140 may set parameters relating touse of encrypted content. The key management platform 140 may be furtherconfigured to serve as a central provider of encryption services to bothrequester and receiver users, and may control the encryption anddistribution of files.

In accordance with certain aspects of the disclosure, the managementplatform 140 may include, one or more input/output interfaces (notshown), processors 141, servers 142, databases 143, memory 144, orsimilar components. One of skill in the art will appreciate that some orall of the functionality of the management platform 140 described infurther detail below may be performed at one or a combination of theother platforms.

The database 143 may be referred to herein as a hard disk drive forconvenience, but this is not required, and one of ordinary skill in theart will recognize that other storage media may be utilized withoutdeparting from the scope of the disclosure. In addition, one of ordinaryskill in the art will recognize that the database 143 which is depictedas a single storage device, may be realized by multiple (e.g.,distributed) storage devices. It is further contemplated that thedatabase 143 may include one or more types of a databases, includinghierarchical databases, network databases, relational databases,non-relational databases, object-oriented databases, or another type ofdatabase able to handle various data types (e.g., structured data thatfits nicely into fields, rows, and columns, or data from various mediasources such as graphics, photographs, audio, and video structured data.For example, the database 143 may store data in a fixed file format,such as XML, comma separated values, tab separated values, or fixedlength fields. Alternatively, the database 143 may store data in anon-fixed file format (e.g., a NoSQL database).

As further shown in FIG. 1, the key management platform 140 may comprisea software solution 145 with various modules implemented in software,including: (i) a user profile module 145A; (ii) encryption module 145B;(iii) communication module 145C; and (iv) validation module 145D.

The processor 141 may be configured to execute instructions embodied inthe software solution 145, which may be stored in memory 144. One ofskill in the art will appreciate that the software solution 145 may beconfigured to operate on personal computers (e.g., handheld, notebook ordesktop, cell phones, PDA, consumer electronics, etc.), servers (e.g., asingle server configuration or a multiple server configuration), or anydevice capable of processing instructions embodied in executable code.Moreover, one of ordinary skill in the art will recognize thatalternative embodiments, which implement one or more components of thedisclosure in hardware, are within the scope of the disclosure.

Attention is now drawn to modules 145A-D of the software solution 145.Modules 145A-D may operate in concert with each other to perform certainfunctions of the software solution 145, as described herein.

User Profile Module 145A

The user profile module 145A may be configured to collect and organizeinformation on users who interact with the system. The user profilemodule 145A may prompt appropriate user data at the user devices (e.g.,at the requester platform 120 and the receiver platform 130). Forexample, user data may include name, address, payment information, andother related user information. The data may then be organized into auser profile which a user may utilize to make subsequent encryptionpurchases or other interactions with the key management platform 140. Auser may be provided with a user name and password associated with theuser's profile to enable the key management platform 140 to authenticatethe user and access any profile data or stored encryption data. The userprofile module 145A may be further configured to associate encryptionwith particular devices or other security options which may apply tofuture encryption requests.

Encryption Module 145E

The encryption module 145B may be configured to generate encryptioninformation in accordance with many available encryption protocols.Specifically, the encryption module 145B controls the generation ofencryption keys that incorporate use parameters concerning theencryption. One skilled in the art will appreciate that many encryptionalgorithms exist and may include, but is not limited to, for example,hash encryption and RSA encryption standards. The use parameters mayform part of the encryption key, may be embedded into the encryptedcontent (e.g., as part of metadata), or may be set forth in a separatefile. The use parameters may be operated on by various means, includingcomputer applications that interpret the use parameters, monitorconditions associated with the use parameters, and control access toencrypted or decrypted content based on the use parameters. Inaccordance with some aspects, content received by a receiver platform130 may “self-destruct” when an application running on the receiverplatform 130 in a protected determines that certain use parameters havebeen met, and then deletes the content. Encryption keys may also employdigital rights management (DRM) access control technologies that limitthe use of the content after receipt (e.g., using persistent onlineauthentication, using metadata in the key or the encrypted content thatincludes information relating to use parameters, and othertechnologies).

In one embodiment, the encryption module 145B may generate a private andpublic encryption key pair, and then send one key of the pair to therequester platform 120, where that key is used to encrypt a fileresiding at the requester platform 120, and also send the other key ofthe pair to the receiver platform 130. Alternatively, a user may providethe file to be encrypted to the key management platform 140 and theencryption module may prepare (e.g., security scan) and encrypt the fileinto a format to be sent back to the requester. The encrypted file mayinstead be kept at the key management platform 140 so it may bedownloaded and decrypted at a later time. The encryption module may alsoprovide decryption services to a receiving user either through upload ofan encrypted file with the correct associated public key or a user maydownload the encrypted file from the key management platform 140 aftercorrectly providing the associated public key.

Communication Module 145C

The communication module 145C may be configured to provide communicationservices from the key management platform 140 to the other platforms.The communication module 145C may be further configured to utilizeencrypted communications to allow secure transmission of informationfrom the key management platform 140. Private and public key securitymay be compromised if the communication of the keys and other associatedinformation is not protected during transmission to the user platforms120-130. The communication module 145C may provide security whentransmitting sensitive data over the communications platform 110. Oneskilled in the art will appreciate the many known methods for datasecurity and encryption over communication networks and should not beread in a limiting sense.

Validation Module 145D

The validation module 145D may be configured to validate keys that havebeen transmitted to users. The validation module 145D may storeinformation about each encryption which may be utilized by users toverify that the correct key has been provided. The validation module145D may also provide other known validation techniques to ensure thatkeys are transmitted to users error free.

Example Processes

Attention may now be drawn to FIG. 2, which illustrates a high levelprocess flow diagram detailing the data communication process flow forimplementing certain features of the system 100 of FIG. 1. As shown, theprocess flow may be executed through data exchange between severalcomponents, including a requester platform 120, a receiver platform 130,and a key management platform 140.

At step 210, a user of the requester platform 120 may launch a securecontent exchange application. At step 220, the launched application mayinitiate an encryption service and communicate with the key managementplatform 140. Once communication between the requester platform 120 andthe key management platform 140 is established, a user may be presentedwith options for acquiring a particular type of encryption, for settinguse parameters, and for setting an intended recipient at the receiverplatform 130. For example, different types of encryption (e.g., hash,RSA, etc.) may be made available to the user. Each type of standardencryption algorithm may offer unique benefits to a particular user.Additionally, a user may choose additional security features such as apass phrase to further protect the user's content.

In addition to security features, a user may be presented with optionsregarding any usage parameters the user wishes to set, where accessprivileges to encrypted or decrypted content may become invalid based onvarious conditions. For instance, a user may limit decryption by aparticular device identified by, for example, its IP address, MACaddress, serial number, or other unique identifying informationassociated with a particular device, which may prevent unauthorizedcopying or moving of encrypted or decrypted content to unauthorizeddevices. Particular information about a user may also be used, includingdate of birth, social security numbers, phone number, residence address,email address, driver license number or other digital fingerprints.

Moreover, a user may limit whether the content may be copied or alteredand may restrict the number of times the content may be viewed ordecrypted. The restrictions may also be temporal (e.g., content may onlybe decrypted within a particular time period accounting for time zonesassociated with users), or the restrictions may be geographically (e.g.,content may only be decrypted by a device within a certain geographicarea of the world as determined by geo-fencing technologies and otherlocation technologies). The restrictions may also require re-encryptionof the information, its subparts, or its subsequent versions, before itcan be forwarded to another user or device. The restrictions may furtherrequire action on the part of the receiving user (e.g., the decryptedinformation must be moved to a secure file identified by the requestinguser). Finally, a user may choose to request encryption which may beopened by either a single receiver or multiple receivers, and may wishto set different use parameters for each receiver, or may wish to setuse parameters that are dependent upon certain actions associated withuse of the encrypted content over time and by some or all of thereceivers.

Status updates and alerts may also be sent to requester platform 120 orkey management platform 140. The platforms 120 and 140 may, in responseto the updates and alerts, initiate control over use of the originallyencrypted content.

Once a user has selected the type of encryption desired and theappropriate options, the application may communicate a request to thekey management platform 140. All of the information communicatedconcerning the user's encryption request may be included in thecommunication.

At step 230, the key management platform 140 receives a request forencryption and determines whether the user is a known user or new user.If the user is unknown, the key management platform 140 may communicatewith the requester platform 120 to facilitate an exchange of new userinformation. For example, a new user may input their name, address,billing information, and other user related information as well as agreeto appropriate documentation before the key management platform 140 willdistribute any encryption information to the requester 120 or receiverdevices 130. Once the user information is gathered, the key managementplatform 140 generates a user profile for the new user which may be usedin the future to identify the particular user. As previously discussedthe user profile may be stored in the database 143.

At step 240, the key management platform 140 may authenticate a user,utilizing the user's profile generated at step 230. Once authenticated,the key management platform 140 may also communicate with the requesterplatform 120 to gather any additional data or configuration options asneeded.

Payment options may also be presented to the user to pay for theencryption service. A user may choose to pay on monthly installments forlimited or unlimited use, or may choose to purchase individual, upon-useencryption services as needed. Alternative subscription services knownin the art are also contemplated. Depending on the subscription service,the price may vary with the type of encryption requested and theadditional security and usage parameters selected by the user. Using therequester platform 120, the user may input appropriate paymentinformation (e.g., credit card, checking account, etc.) and the keymanagement platform 140 may process the payment.

At step 250, the key management platform generates the encryptioninformation according to the user's request. One skilled in the art willappreciate that different types of encryption require different types ofdata to be generated. For example, RSA encryption involves thegeneration of a public and private key. Encrypted content may only bedecrypted by matching the appropriate public key with the private key.

Due to the differences in encryption methods and the required dataassociated with each, the key management platform 140 may utilize anumber of different methods for providing encryption services dependingon the particular demands. In one embodiment, the generated private andpublic keys may be distributed to the requester platform 120 as well asto the receiver platform 130, where the actual encryption and decryptionof content occurs at those platforms. However, in another embodiment therequesting user may communicate or “upload” the content to be encryptedto the key management platform 140 for encryption using the requesterplatform 120. Since the uploaded content (e.g., file) is available tothe key management platform 140, the file may be scanned for securityissues and the selected encryption method may be embedded into thecontent's file itself. This method may increase security because, in thecase of RSA encryption, the private key may be encapsulated into thefile at the key management platform 140 eliminating the need to transmitthe private key to the requester platform 120 and reducing the risk ofsecurity compromise. Moreover, by limiting the availability of theprivate key to the users of the system, the encryption key generationmethod may be better protected from unscrupulous individuals gathering,or “mining,” public and private keys in an attempt to break the keygeneration algorithm. This method may also help protect against a userthat misplaces the private key or, for some reason, does not encrypt theuser's file using the correct private key (e.g., input mistakes, copyerrors, etc.). Generally, the key management platform 140 may act as acentral hub which may control the encryption and distribution of userfiles.

At step 260, the generated keys are communicated to the appropriateusers at associated platforms. A private key may be distributed to therequesting user at the requester platform 120. Similarly, the associatedpublic key may be distributed to the receiving user at the receiverplatform 130. Any communication link or protocol may be used to transmitthe keys; however, a secure encrypted communication link may be used toincrease security.

At step 270, the requester user may validate the private key which hasbeen transmitted. Any error in the private key may prevent theencryption algorithm from successfully encrypting or decrypting a file.Validation of the keys, once received at the requester platform 120 mayhelp to ensure that the private key has been accurately transmitted. Inone embodiment, verification of the private key may be facilitated bycommunicating with the key management platform 140 to check that theprivate key received matches the private key which was transmitted.(Similar validation may occur in relation to the public key between thereceiver platform 130 and the key management platform 140.)

At step 280, a user at the requester platform 120 may encrypt thecontent file using the private key which was provided by the keymanagement platform 140. Once encrypted the file may be transmitted tothe receiver platform 130. Transmission may occur over various means,including ftp, sftp, https, http, tcp stack applications, and otherpeer-to-peer technologies known in the art. Use parameters may also beset by a user at the requester platform 120 (as opposed to at the keymanagement platform 140).

At step 290, the receiver user may decrypt the file at the receiverplatform 130. Once decrypted the content may be viewed or otherwiseinteracted with by the receiver user. The other security options chosenby the requester, such as temporal or geographical restrictions, maytake effect and limit how the receiver user interacts with the content.Such restrictions may be autonomously enforced at the receiver platform130 (e.g., via a software module for controlling access to encrypted ordecrypted content), or may be enforced by instructions/permissionsreceived from the requester 120 or the key management platform 140 viathe communication platform 110.

Attention may now be drawn to FIG. 3, which illustrates a high levelprocess flow diagram detailing the encryption process for implementingcertain features of the requester 120 and receiver platforms 130. Theflow of FIG. 3 is similar to that of FIG. 2.

At step 310, a user may launch a secure content exchange application. Atstep 320, the user may select options regarding encryption methods andsecurity features and may communicate a request to the key managementplatform 140.

At step 330, the system may attempt to authenticate a user. If the useris unknown to the system, it may generate prompts to gather appropriateuser data. At step 340 a, the user inputs the appropriate informationand registers as a new user to the system. A user may be provided with ausername and password. At step 340 b, the user data is organized andstored to generate a user profile which may be utilized in the future toauthenticate a particular user.

At step 350, encryption information such as private and public key pairsare generated in accordance with the user's preferences. At step 360,the private and public keys are transmitted to the requester andreceiver user's respectively.

At step 370, a user may use the provided private key to encrypt contentto be transmitted to the receiver. At step 380, a receiver user acquiresthe encrypted content and may use the previously received public key todecrypt and access the content. Finally, at step 390, the encryptionkeys may become invalidated in accordance with user selected securityprotocols or in response to user actions.

Variations to Embodiments

It is understood that the specific order components disclosed herein areexamples of exemplary approaches. Based upon design preferences, it isunderstood that the specific order components may be rearranged, and/orcomponents may be omitted, while remaining within the scope of thepresent disclosure unless noted otherwise. The previous description ofthe disclosed embodiments is provided to enable any person skilled inthe art to make or use the present disclosure. Various modifications tothese embodiments may be readily apparent to those skilled in the art,and the generic principles defined herein may be applied to otherembodiments without departing from the spirit or scope of thedisclosure. Thus, the present disclosure is not intended to be limitedto the embodiments shown herein but is to be accorded the widest scopeconsistent with the principles and novel features disclosed herein.

The disclosure is not intended to be limited to the aspects shownherein, but is to be accorded the full scope consistent with thespecification and drawings, wherein reference to an element in thesingular is not intended to mean “one and only one” unless specificallyso stated, but rather “one or more.” Unless specifically statedotherwise, the term “some” refers to one or more. A phrase referring to“at least one of” a list of items refers to any combination of thoseitems, including single members. As an example, “at least one of: a, b,or c” is intended to cover: a; b; c; a and b; a and c; b and c; and a, band c.

The various illustrative logical blocks, modules, and circuits describedin connection with the embodiments disclosed herein may be implementedor performed with a general purpose processor, a digital signalprocessor (DSP), an application specific integrated circuit (ASIC), afield programmable gate array (FPGA) or other programmable logic device,discrete gate or transistor logic, discrete hardware components, or anycombination thereof designed to perform the functions described herein.A general purpose processor may be a microprocessor, but in thealternative, the processor may be any conventional processor,controller, microcontroller, or state machine. A processor may also beimplemented as a combination of computing devices, e.g., a combinationof a DSP and a microprocessor, a plurality of microprocessors, one ormore microprocessors in conjunction with a DSP core, or any other suchconfiguration.

In accordance with certain aspects of the present disclosure, one ormore of the process steps described herein may be stored in memory ascomputer program instructions. These instructions may be executed by adigital signal processor, an analog signal processor, and/or anotherprocessor, to perform the methods described herein. Further, theprocessor(s), the memory, the instructions stored therein, or acombination thereof may serve as a means for performing one or more ofthe method steps described herein.

Those of skill in the art would understand that information and signalsmay be represented using any of a variety of different technologies andtechniques. For example, data, instructions, commands, information,signals, bits, symbols, and chips that may be referenced throughout theabove description may be represented by voltages, currents,electromagnetic waves, magnetic fields or particles, optical fields orparticles, or any combination thereof.

Those of skill would further appreciate that the various illustrativelogical blocks, modules, circuits, and algorithm steps described inconnection with the embodiments disclosed herein may be implemented aselectronic hardware, computer software, or combinations of both. Toclearly illustrate this interchangeability of hardware and software,various illustrative components, blocks, modules, circuits, and stepshave been described above generally in terms of their functionality.Whether such functionality is implemented as hardware or softwaredepends upon the particular application and design constraints imposedon the overall system. Skilled artisans may implement the describedfunctionality in varying ways for each particular application, but suchimplementation decisions should not be interpreted as causing adeparture from the scope of the present disclosure.

In one or more exemplary embodiments, the functions described may beimplemented in hardware, software, firmware, or any combination thereof.If implemented in software, the functions may be stored on or encoded asone or more instructions or code on a computer-readable medium.Computer-readable media includes computer storage media. Storage mediamay be any available media that can be accessed by a computer. By way ofexample, and not limitation, such computer-readable media can compriseRAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic diskstorage or other magnetic storage devices, or any other medium that canbe used to carry or store desired program code in the form ofinstructions or data structures and that can be accessed by a computer.Disk and disc, as used herein, includes compact disc (CD), laser disc,optical disc, digital versatile disc (DVD), floppy disk and Blu-ray discwhere disks usually reproduce data magnetically, while discs reproducedata optically with lasers. Combinations of the above should also beincluded within the scope of computer-readable media. Any processor andthe storage medium may reside in an ASIC. The ASIC may reside in a userterminal. In the alternative, the processor and the storage medium mayreside as discrete components in a user terminal.

The previous description of the disclosed embodiments is provided toenable any person skilled in the art to make or use the presentdisclosure. Various modifications to these embodiments may be readilyapparent to those skilled in the art, and the generic principles definedherein may be applied to other embodiments without departing from thespirit or scope of the disclosure. Thus, the present disclosure is notintended to be limited to the embodiments shown herein but is to beaccorded the widest scope consistent with the principles and novelfeatures disclosed herein. It is intended that the following claims andtheir equivalents define the scope of the disclosure.

Aspects of the present disclosure are typically carried out in orresident on a computing network. The computing network generallyincludes computer hardware components such as servers, monitors, I/Odevices, network connection devices, as well as other associatedhardware. In addition, the aspects and features described below mayinclude one or more application programs configured to receive, convert,process, store, retrieve, transfer and/or export data and other contentand information. As an example, these aspects and features may includeone or more processors that may be coupled to a memory space comprisingSRAM, DRAM, Flash and/or other physical memory devices. Memory space maybe configured to store an operating system (OS), one or more applicationprograms, such as a UI program, data associated with the pertinentaspect or feature, applications running on processors in the device,user information, or other data or content. The various aspects andfeatures of the present disclosure may further include one or more UserI/O interfaces, such as keypads, touch screen inputs, mice, Bluetoothdevices or other I/O devices. In addition, the certain aspects andfeatures may include a cellular or other over the air wireless carrierinterface, as well as a network interface that may be configured tocommunicate via a LAN or wireless LAN (WiLAN), such as a Wi-Fi network.Other interfaces, such as USB or other wired interfaces may also beincluded.

As used herein, computer program products comprising computer-readablemedia including all forms of computer-readable medium except, to theextent that such media is deemed to be non-statutory, transitorypropagating signals.

While various embodiments of the present disclosure have been describedin detail, it may be apparent to those skilled in the art that thepresent disclosure can be embodied in various other forms notspecifically described herein.

1-13. (canceled)
 14. A key management system, comprising: a memorydesigned to store computer program code; a processor communicativelycoupled to the memory; wherein when the processor executes the computerprogram code, the processor is operable to at least: receive, form arequester system, a request to generate a private encryption key and apublic encryption key, a data file to be encrypted, and a use parameter;generating a private encryption key and a public encryption key;communicating the public encryption key to the requester system;encrypting the file with the use parameter based at least in part uponthe private encryption key; receiving a request to download theencrypted file and the public encryption key from a receiver system; andbased at least in part upon the request and the public encryption keyreceived from the receiver system, downloading the encrypted file to thereceiver system.